<?php
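// Declare the response as UTF-8 HTML. The charset parameter is written without
// embedded whitespace so that every client parses the declared encoding the same way.
header("Content-Type: text/html; charset=utf-8");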
require_once('config.php');
require_once(WEBURL.'/include/conn.php');
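if (!isset($_POST['submit']) || !$_POST['submit']){
	/*
	 * Administrator login handler. Three gates run in order; each one stops the
	 * request when it fails:
	 *   1. source-IP allow-list read from data/ipfilter/ipfilter.txt
	 *   2. CAPTCHA check against the value held in the session
	 *   3. credential check against the `admin` table
	 * NOTE(review): this branch runs when NO truthy 'submit' field is posted --
	 * confirm that this matches how the login form submits.
	 */

	/* Gate 1: IP allow-list. Refuse outright when the client address is unknown. */
	$ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
	if($ip==""){
		echo "该网站仅限特定的ip访问，由于无法获取您的ip地址，拒绝访问！";
		exit();
	}
	$filename=WEBURL."/data/ipfilter/ipfilter.txt";
	/* An unreadable or empty rule file leaves $flag false, so the request is refused (fail closed). */
	$ipfilter_tmp=file_get_contents($filename);
	$flag=false;
	if($ipfilter_tmp!=""){
		/* Rules are separated by "|"; the first rule that admits the client wins. */
		foreach(explode("|", $ipfilter_tmp) as $rule){
			if(_loginIpRuleMatches($ip, $rule)){
				$flag=true;
				break;
			}
		}
	}
	if($flag==false){
		echo "您的ip禁止访问该站点!";
		exit();
	}

	/*
	 * Gate 2: CAPTCHA. Only a string field is accepted, and the comparison is strict
	 * so that numeric-looking values ("0E1" vs "0E2", "0123" vs "123") are not
	 * treated as equal by PHP's loose comparison.
	 * NOTE(review): the session value is not discarded after a failed attempt, so one
	 * solved CAPTCHA can be reused for further guesses; discarding it here requires
	 * the form to reload the image after history.back() -- confirm before changing.
	 */
	$validate = (isset($_POST['validate']) && is_string($_POST['validate'])) ? strtoupper($_POST['validate']) : '';
	$valiate_image_value = isset($_SESSION['valiate_image_value']) ? $_SESSION['valiate_image_value'] : null;
	if($validate==='' || !is_scalar($valiate_image_value) || $validate !== (string)$valiate_image_value){
		echo "<script language = JavaScript>alert (\"验证码不正确!\");history.back();</script>";
		exit;
	}
	else {
		$captcha = (string)$valiate_image_value;

		/* Gate 3: credentials. Array-valued fields are treated as missing. */
		$admin_name = (isset($_POST['admin_name']) && is_string($_POST['admin_name'])) ? $_POST['admin_name'] : '';
		$admin_pwd = (isset($_POST['admin_pwd']) && is_string($_POST['admin_pwd'])) ? $_POST['admin_pwd'] : '';
		$gotopage = isset($_POST['gotopage']) ? $_POST['gotopage'] : '';
		if(!empty($admin_name) && !empty($admin_pwd))
		{
			/*
			 * The user name is request data, so it is escaped before being placed in
			 * the SQL text. Assumes conn.php has opened the mysql_* connection and
			 * set its character set -- TODO confirm.
			 */
			$admin_name_sql = mysql_real_escape_string($admin_name);
			$sql_check_admin = "select * from admin where admin_name = '$admin_name_sql'";
			$result_check_admin = mysql_query($sql_check_admin);
			if(!$result_check_admin){
				echo "<script language = JavaScript>alert (\"用户名或密码错误!\");history.back();</script>";
				exit;
			}
			$row=mysql_num_rows($result_check_admin);
			/* The account exists. */
			if($row!=0)
			{
				$row_check_admin=mysql_fetch_object($result_check_admin);
				/*
				 * Expected response is md5(stored admin_pwd . lowercase CAPTCHA).
				 * NOTE(review): the admin_pwd column therefore acts as the login
				 * secret itself, and MD5 is fast and unsalted. Moving to
				 * password_hash()/password_verify() needs a matching change in the
				 * login form, which is not part of this file.
				 */
				$pwd=md5($row_check_admin->admin_pwd.strtolower($captcha));
				/* Constant-time compare where available; never the loose "!=" (0e... digests would compare equal as numbers). */
				$pwd_ok = function_exists('hash_equals') ? hash_equals($pwd, $admin_pwd) : ($pwd === $admin_pwd);
				if(!$pwd_ok){
					echo "<script language = JavaScript>alert (\"用户名或密码错误!\");history.back();</script>";
					exit;
				}

				/* Issue a fresh session id at the moment the session becomes authenticated. */
				if(session_id()!=='' && !headers_sent()){
					session_regenerate_id(true);
				}
				/* The CAPTCHA doubles as the login nonce; drop it so the same response cannot be replayed. */
				unset($_SESSION['valiate_image_value']);
				$_SESSION['admin_name']=$admin_name;

				/* Record the login time and source address. */
				$time=time();
				$login_ip_sql = mysql_real_escape_string($ip);
				$sql_update_user="update admin set login_time=$time,login_ip='$login_ip_sql' where admin_name='$admin_name_sql';";
				/* NOTE(review): die(mysql_error()) shows database error text to the browser; consider logging it instead. */
				$result_update_user=mysql_query($sql_update_user) or die(mysql_error());

				/*
				 * Redirect. The requested page is request data: it is limited to this
				 * site and JSON-encoded so it cannot break out of the script string.
				 */
				$target = json_encode(_loginRedirectTarget($gotopage), JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT);
				if($target===false){
					/* json_encode() fails on invalid UTF-8; fall back to the default page. */
					$target = '"index.php"';
				}
				echo "<script language = JavaScript>window.location=".$target.";</script>";
			}
			/* No such account: same message as a wrong password. */
			else if($row==0)
			{
				echo "<script language = JavaScript>alert (\"用户名或密码错误!\");history.back();</script>";
			}
		}
		/* User name or password was left empty. */
		else
		{
			echo "<script language = JavaScript>alert (\"用户名或密码不能为空!\");history.back();</script>";
		}
	}
}

/**
 * Decide whether a single allow-list rule admits the client address.
 *
 * Rule forms handled: "*" (everyone), "a.b.c.d" (exact), a pattern ending in "*"
 * such as "a.b.*" or "a.b.c.*", and "low-high" ranges.
 *
 * @param string $ip   client address as reported in REMOTE_ADDR
 * @param string $rule one entry from the "|"-separated rule file
 * @return bool true when the rule admits the client
 */
function _loginIpRuleMatches($ip, $rule){
	/* Tolerate whitespace/newlines around entries; a blank entry (e.g. a trailing "|") admits nobody. */
	$rule = trim($rule);
	if($rule===''){
		return false;
	}
	if($rule==='*'){
		return true;
	}
	/*
	 * Every other rule is IPv4 arithmetic. A client address that is not dotted IPv4
	 * (for example an IPv6 address) cannot be placed on that number line, so it is
	 * refused instead of being mapped to an arbitrary value.
	 */
	if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)===false){
		return false;
	}
	$client = getDecIp($ip);

	/* Range rule: "low-high". */
	if(strpos($rule,'-')!==false){
		$ip_range = explode("-", $rule);
		$ip_min = getDecIp(trim($ip_range[0]));
		$ip_max = getDecIp(trim($ip_range[1]));
		/* getDecIp() yields null for a malformed endpoint; such a rule must not match. */
		if($ip_min===null || $ip_max===null){
			return false;
		}
		return $client>=$ip_min && $client<=$ip_max;
	}

	/* Single address or trailing-wildcard pattern. */
	$octets = explode(".", $rule);
	$num = count($octets);
	if($num>4){
		return false;
	}
	$ip_max = getDecIp($rule);
	$ip_min = $ip_max;
	if(strpos($rule,'*')!==false){
		/* Lower bound: the parts before the last one, remaining octets zero. */
		$weights = array(16777216, 65536, 256);
		$ip_min = 0;
		for($k=0;$k<$num-1;$k++){
			$ip_min += (int)$octets[$k]*$weights[$k];
		}
	}
	return $client>=$ip_min && $client<=$ip_max;
}

/**
 * Choose the page to open after a successful login.
 *
 * Relative targets are kept. Absolute targets are kept only when they are http(s)
 * URLs for the host that served this request. Anything else yields "index.php".
 *
 * @param mixed $gotopage value of the posted "gotopage" field
 * @return string redirect target
 */
function _loginRedirectTarget($gotopage){
	$fallback = 'index.php';
	if(!is_string($gotopage) || $gotopage===''){
		return $fallback;
	}
	/* Control characters, spaces and backslashes are refused, as is a protocol-relative "//host" form. */
	if(preg_match('/[\x00-\x20\x7f\\\\]/', $gotopage) || strncmp($gotopage, '//', 2)===0){
		return $fallback;
	}
	/* A leading "scheme:" marks an absolute URL. */
	if(preg_match('#^[a-z][a-z0-9+.\-]*:#i', $gotopage)){
		$parts = parse_url($gotopage);
		$self = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
		if(!is_array($parts) || !isset($parts['scheme'], $parts['host']) || $self===''){
			return $fallback;
		}
		$scheme = strtolower($parts['scheme']);
		$host = $parts['host'].(isset($parts['port']) ? ':'.$parts['port'] : '');
		if(($scheme!=='http' && $scheme!=='https') || strcasecmp($host, $self)!==0){
			return $fallback;
		}
	}
	return $gotopage;
}

/**
 * Convert a dotted IPv4 address or trailing-wildcard pattern to its numeric upper bound.
 *
 * Octets are weighted by powers of 256, so numeric order equals address order and
 * distinct addresses never share a value. With fewer than four parts, or with "*"
 * as the fourth part, the last part is ignored and it and every missing octet
 * count as 255. Non-numeric parts count as 0.
 *
 * @param string $ip address or pattern such as "10.1.2.3", "10.1.2.*", "10.1.*" or "*"
 * @return int|float|null numeric value; null when there are more than four parts
 */
function getDecIp($ip){
	$ip = explode(".", $ip);
	$num=count($ip);
	if($num==1){
		/* 255.255.255.255 */
		return 255*16777216+255*65536+255*256+255;
	}
	if($num==2){
		return (int)$ip[0]*16777216+255*65536+255*256+255;
	}
	if($num==3){
		return (int)$ip[0]*16777216+(int)$ip[1]*65536+255*256+255;
	}
	if($num==4){
		if($ip[3]=='*'){
			return (int)$ip[0]*16777216+(int)$ip[1]*65536+(int)$ip[2]*256+255;
		}else{
			return (int)$ip[0]*16777216+(int)$ip[1]*65536+(int)$ip[2]*256+(int)$ip[3];
		}
	}
	/* More than four parts is not an IPv4 form. */
	return null;
}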
